Killav.kr Dss Log


This topic is locked
8 replies to this topic

#1 sullyzmail


Posted 28 May 2008 - 09:07 AM

I have been fighting killav.kr (and maybe some other bugs) using information from various forums. I am here now. I have run CounterSpy according to directions, and have run AVG 8 (both from a safe boot). Here is the DSS log and also an OTScan log. Thanks for whatever you can do.

Symptoms began with bugs eating my screensaver. IE would open new windows with various websites (seemingly valid sites). AVG 8 would find Trojan Horse KillAv.KR. Computer now works OK with the exception of AVG finding KillAv.KR and some associated files on startup.

Hope I've done all of this right.

Lydell


Deckard's System Scanner v20071014.68
Run by Stephanie on 2008-05-28 09:41:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
12: 2008-05-28 13:41:21 UTC - RP159 - Deckard's System Scanner Restore Point
11: 2008-05-28 13:15:22 UTC - RP158 - CounterSpy - 5/28/2008 9:15:17 AM
10: 2008-05-27 11:44:13 UTC - RP157 - System Checkpoint
9: 2008-05-26 01:35:40 UTC - RP156 - System Checkpoint
8: 2008-05-21 13:49:53 UTC - RP155 - System Checkpoint


-- First Restore Point --
1: 2008-05-17 20:39:28 UTC - RP148 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Stephanie.exe) -------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-28 09:45:21
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\Program Files\BUFFALO\Client Manager3\bwsvc\Bwsvc.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vongo\VongoService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
C:\Program Files\Vongo\Tray.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Stephanie\Desktop\dss.exe
C:\Program Files\Trend Micro\HijackThis\Stephanie.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [QdrModule16] "C:\Program Files\QdrModule\QdrModule16.exe"
O4 - Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe
O4 - Global Startup: ClientManager3.lnk = C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shock...director/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Filter: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll (file missing)
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bwsvc - BUFFALO INC. - C:\Program Files\BUFFALO\Client Manager3\bwsvc\Bwsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
O23 - Service: Windows Action Script - Unknown owner - C:\WINDOWS\system32\scvhost.exe


--
End of file - 9882 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 BUFADPT - c:\windows\system32\bufadpt.sys <Not Verified; BUFFALO INC.; BUFFALO Wireless LAN>
R3 Eacfilt (Eacfilt Miniport) - c:\windows\system32\drivers\eacfilt.sys <Not Verified; Nortel Networks; Filter Driver for CVC>
R3 IPSECSHM (Nortel IPSECSHM Adapter) - c:\windows\system32\drivers\ipsecw2k.sys <Not Verified; Nortel Networks NA, Inc.; Contivity VPN Client>
R3 SBAPIFS - c:\windows\system32\drivers\sbapifs.sys (file missing)

S2 IPSECEXT (Nortel Extranet Access Protocol) - c:\windows\system32\drivers\ipsecw2k.sys <Not Verified; Nortel Networks NA, Inc.; Contivity VPN Client>
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bwsvc - c:\program files\buffalo\client manager3\bwsvc\bwsvc.exe -service <Not Verified; BUFFALO INC.; BUFFALO NETWORK SERVICE>
R2 Vongo Service - c:\program files\vongo\vongoservice.exe <Not Verified; Starz Entertainment Group LLC; Vongo>

S2 Windows Action Script - "c:\windows\system32\scvhost.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-05 11:44:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-04-28 and 2008-05-28 -----------------------------

2008-05-20 08:29:59 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sunbelt Software
2008-05-19 21:08:32 0 d--h----- C:\$AVG8.VAULT$
2008-05-19 21:07:05 16636 --a------ C:\WINDOWS\hosts
2008-05-19 21:03:47 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-19 21:03:47 0 d-------- C:\Documents and Settings\Stephanie\Application Data\AVGTOOLBAR
2008-05-19 21:03:37 0 d-------- C:\Program Files\AVG
2008-05-19 21:03:36 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-19 19:37:36 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-05-19 19:37:36 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-05-19 14:24:39 0 d-------- C:\Documents and Settings\Stephanie\Application Data\Sunbelt Software
2008-05-19 14:24:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2008-05-19 14:24:01 0 d-------- C:\Program Files\Sunbelt Software
2008-05-19 14:05:02 0 d-------- C:\Program Files\Trend Micro
2008-05-19 09:36:08 20992 --a------ C:\WINDOWS\system\run.exe
2008-05-19 09:00:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-18 22:07:21 0 d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-05-18 22:07:20 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-05-18 22:07:19 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-05-18 22:05:44 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-05-18 22:05:26 7680 --a------ C:\WINDOWS\system\delnew.exe
2008-05-18 22:05:25 0 d-------- C:\Program Files\RcvSystem
2008-05-18 09:23:55 0 d-------- C:\WINDOWS\CSC
2008-05-17 22:24:42 1695 --a------ C:\WINDOWS\system32\clbinit.dll
2008-05-17 17:02:01 9216 --a------ C:\WINDOWS\xplugin.dll
2008-05-17 17:01:59 9472 --a------ C:\WINDOWS\time.exe
2008-05-17 17:01:58 24576 --a------ C:\WINDOWS\sistem.exe
2008-05-17 17:01:58 26112 --a------ C:\WINDOWS\searchword.dll
2008-05-17 17:01:57 28160 --a------ C:\WINDOWS\mswsc20.dll
2008-05-17 17:01:57 11264 --a------ C:\WINDOWS\mswsc10.dll
2008-05-17 17:01:56 8960 --a------ C:\WINDOWS\msspi.dll
2008-05-17 17:01:56 14848 --a------ C:\WINDOWS\msconfd.dll
2008-05-17 17:01:56 20992 --a------ C:\WINDOWS\inetinf.exe
2008-05-17 17:01:55 21248 --a------ C:\WINDOWS\helpcvs.exe
2008-05-17 17:01:55 25088 --a------ C:\WINDOWS\gfmnaaa.dll
2008-05-17 17:01:55 14592 --a------ C:\WINDOWS\funny.exe
2008-05-17 17:01:54 26624 --a------ C:\WINDOWS\funniest.exe
2008-05-17 17:01:54 16128 --a------ C:\WINDOWS\explorer32.exe
2008-05-17 17:01:54 31488 --a------ C:\WINDOWS\dnsrelay.dll
2008-05-17 17:01:53 22016 --a------ C:\WINDOWS\directx32.exe
2008-05-17 17:01:53 25600 --a------ C:\WINDOWS\ctrlpan.dll
2008-05-17 17:01:53 30976 --a------ C:\WINDOWS\ctfmon32.exe
2008-05-17 16:38:11 160256 --a------ C:\WINDOWS\system32\blackster.scr <Not Verified; Peter's Productions; Bugs!>
2008-05-17 16:37:32 0 d-------- C:\WINDOWS\system32\dFrnx06
2008-05-17 16:37:32 0 d-------- C:\Temp
2008-05-17 16:37:11 4 --a------ C:\WINDOWS\system32\hljwugsf.bin


-- Find3M Report ---------------------------------------------------------------

2008-05-25 08:14:59 0 d-------- C:\Program Files\KETS Enterprise VPN
2008-05-19 21:23:35 0 d-------- C:\Program Files\DIGStream
2008-05-14 21:00:29 17272 --a------ C:\Documents and Settings\Stephanie\Application Data\wklnhst.dat
2008-05-14 20:50:51 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-14 08:00:05 0 d-------- C:\Program Files\BUFFALO
2008-04-07 12:43:10 0 d-------- C:\Documents and Settings\Stephanie\Application Data\Leadertech
2008-04-03 08:08:13 0 d-------- C:\Program Files\Java
2008-03-31 12:08:47 0 d-------- C:\Documents and Settings\Stephanie\Application Data\Macromedia


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
05/19/2008 09:03 PM 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [05/19/2008 09:03 PM 2050816]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/06/2005 12:56 AM]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [05/04/2006 01:58 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [08/18/2006 04:00 AM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [08/18/2006 04:00 AM]
"nwiz"="nwiz.exe" [08/18/2006 04:00 AM C:\WINDOWS\system32\nwiz.exe]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [06/01/2006 08:02 PM C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [04/01/2006 01:01 AM]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [07/12/2006 12:55 AM]
"@"="" []
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [08/11/2005 07:30 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [08/11/2005 07:30 PM]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [06/19/2006 02:33 PM]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [10/11/2005 01:23 PM]
"Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [02/09/2006 12:52 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/07/2005 12:46 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/2006 07:58 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/30/2006 10:36 AM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [02/16/2005 11:11 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [12/21/2007 03:30 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/19/2008 09:03 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [03/16/2006 12:00 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/29/2007 07:47 AM]
"QdrModule16"="C:\Program Files\QdrModule\QdrModule16.exe" []

C:\Documents and Settings\Stephanie\Start Menu\Programs\Startup\
Vongo Tray.lnk - C:\Program Files\Vongo\Tray.exe [5/9/2006 4:09:32 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ClientManager3.lnk - C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe [4/14/2008 8:31:08 AM]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [9/24/2005 12:39:30 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBCSSvc]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2efe09a8-24e1-11dd-b1a3-bcc66a52e9ed}]
AutoRun\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\srv32.exe
open\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\srv32.exe

*Newly Created Service* - SBAPIFS

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}]
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\srv32.exe



-- End of Deckard's System Scanner: finished at 2008-05-28 09:46:20 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Turion™ 64 X2 Mobile Technology TL-50
CPU 1: AMD Turion™ 64 X2 Mobile Technology TL-50
Percentage of Memory in Use: 65%
Physical Memory (total/avail): 990.54 MiB / 344.67 MiB
Pagefile Memory (total/avail): 2387.63 MiB / 1998.26 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1917.79 MiB

C: is Fixed (NTFS) - 61.96 GiB total, 42.03 GiB free.
D: is Fixed (FAT32) - 11.53 GiB total, 1.26 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - TOSHIBA MK8034GSX - 74.53 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 61.96 GiB - C:
\PARTITION1 - Unknown - 11.55 GiB - D:
\PARTITION2 - Unknown - 1027.6 MiB



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.

AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
""=""
"C:\\Program Files\\Vongo\\VongoService.exe"="C:\\Program Files\\Vongo\\VongoService.exe:*:enabled:VongoService"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Nortel Networks\\Extranet.exe"="C:\\Program Files\\Nortel Networks\\Extranet.exe:*:Enabled:Contivity VPN Client"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\KETS Enterprise VPN\\Extranet.exe"="C:\\Program Files\\KETS Enterprise VPN\\Extranet.exe:*:Enabled:Contivity VPN Client"
"C:\\Program Files\\BUFFALO\\Client Manager3\\AOSS\\aoss.exe"="C:\\Program Files\\BUFFALO\\Client Manager3\\AOSS\\aoss.exe:*:Enabled:Aoss"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Stephanie\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HP-NOTEBOOK
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Stephanie
LOGONSERVER=\\HP-NOTEBOOK
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PCTYPE=PAVILION
PLATFORM=MCD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 72 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4802
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\STEPHA~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\STEPHA~1\LOCALS~1\Temp
USERDOMAIN=HP-NOTEBOOK
USERNAME=Stephanie
USERPROFILE=C:\Documents and Settings\Stephanie
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Stephanie (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\Yahoo!\Common\unyt.exe
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}\Setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
5 Card Slingo from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\5DE4D54F-AA79-43A4-9C8A-C173E7E2B025\Uninstall.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bejeweled 2 Deluxe 1.1 --> C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\Install.log"
Bejeweled 2 Deluxe from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\6E377D95-DF37-4E67-B64B-68C314600BCB\Uninstall.exe"
Big Kahuna Reef from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\7948472C-423F-4134-B68F-48D660A05D71\Uninstall.exe"
Blackhawk Striker 2 from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\384E0BF4-1E1F-45A6-B60E-42144A3F15CD\Uninstall.exe"
Blasterball 2 from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\9F3399B2-9ED6-4339-84A2-686432638B86\Uninstall.exe"
Boggle Supreme from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\5658FB14-16A4-4DAE-946B-1457BE31572E\Uninstall.exe"
Bookworm Deluxe from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B0769D17-E72A-4E87-A83F-1F7A3F080008\Uninstall.exe"
Bounce Symphony from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\7A940E33-6993-404B-ABA6-ED62E8FBE615\Uninstall.exe"
BUFFALO Client Manager 3 --> C:\WINDOWS\UN800114.EXE /U
Chuzzle Deluxe from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\382C11F0-1A18-4F76-B8E0-15CA7F209C22\Uninstall.exe"
Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -IAt8VEN5a.inf
Crystal Maze from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E94C7046-2F7D-4D4D-B76F-C412DCCEAAC2\Uninstall.exe"
Customer Experience Enhancement --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
ESPNMotion --> C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
FATE from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\6ECB6EE6-92E1-4525-AF3B-3CE51A7C5F89\Uninstall.exe"
Final Drive Nitro from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\320F055A-570F-4335-B026-16A836DB9549\Uninstall.exe"
Flip Words from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\F2566CC2-D4C4-44ED-A838-3F8288D8D3FE\Uninstall.exe"
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP BatteryCheck 1.00 A7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{69DAC00A-7665-4E9B-B441-093D40736429}\setup.exe" -l0x9 -removeonly uninst
HP Game Console and games --> C:\Program Files\WildTangent\Apps\hpuninstall.exe
HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 6.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.0 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Quick Launch Buttons 6.10 A2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x9 -removeonly uninst
HP QuickPlay 2.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Rhapsody --> C:\PROGRA~1\HPRHAP~1\Unwise32.exe /A C:\PROGRA~1\HPRHAP~1\install.log
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HP User Guides 0031 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13BCF6CB-2F54-4962-9B11-32F07048ACF3}\Setup.exe" -l0x9 -removeonly
HP Wireless Assistant 2.00 G2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\0E5266B4-9069-401A-93AE-5FF9F1712016\Uninstall.exe"
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Jewel Quest from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\4C061F83-EE92-445A-A03F-184B0BD59242\Uninstall.exe"
KETS Enterprise VPN --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF964A78-078C-11D1-B7A7-0000C0134CE6}\setup.exe" Uninstall
Lemonade Tycoon 2 from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E90E3AE9-73E4-4E5C-BB0F-673989A808D0\Uninstall.exe"
Lexibox Deluxe from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\5758A0E8-A112-4A1D-82EC-EC72F7F16B88\Uninstall.exe"
Macromedia Flash Player 8 --> MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Macromedia Shockwave Player --> MsiExec.exe /X{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}
Mah Jong Quest from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E76A7EFF-7758-49EE-B3FA-9699830A2D6B\Uninstall.exe"
Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office Word Viewer 2003 --> MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
muvee autoProducer 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB09F05F-85C6-4205-B28D-5BF071D276C3}\setup.exe" -l0x9
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
NVIDIA Drivers --> C:\WINDOWS\system32\nvunrm.exe UninstallGUI
Oasis from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E332F38A-75F6-4EF2-88CC-246E8A1CB5D7\Uninstall.exe"
Office 2003 Trial Assistant --> MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
Polar Bowler from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\7F8C5718-1BA9-4AAE-96D2-2B04D05F2D54\Uninstall.exe"
Polar Golfer from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\D2E44AA4-8665-4490-A6C9-2D0744B47B27\Uninstall.exe"
Puzzle Express from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\EF860173-4FB7-4DE1-8BE8-5400F05A0DC5\Uninstall.exe"
Quicken 2006 --> MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
SCRABBLE from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\103EFD47-9F2C-4490-95DD-AE6C442AFB92\Uninstall.exe"
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Slingo Deluxe from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\C264D692-8E15-4141-96A2-5621332E5DD0\Uninstall.exe"
Slyder from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B0202B33-E73D-4FCD-AC88-0B2971AFC116\Uninstall.exe"
Snowboard SuperJam --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\DED8E2B5-BA9F-448F-84E8-0AEF79876F95\Uninstall.exe"
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m\HXFSETUP.EXE -U -IAt8VEN5m.inf
Sonic Audio Module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SonicAC3Encoder --> MsiExec.exe /I{52FBAE98-D389-4281-8C14-21B4046CCB4E}
SonicMPEGEncoder --> MsiExec.exe /I{B16AF568-A644-483C-A6DA-5028CD019C8C}
Super Granny from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\7ED8A70C-9597-40BE-AEA0-0573182F1F51\Uninstall.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TourSetup --> MsiExec.exe /I{A01FC76F-CC09-4658-9E37-5C2F635EE708}
Tradewinds from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\1C3FDBBA-EBF7-4CDB-AD8A-A1125734AF86\Uninstall.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005 -->
Vongo --> MsiExec.exe /I{DB7E00C9-6DEF-489A-8112-D8F81614F45A}
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB912067 --> "C:\WINDOWS\$NtUninstallKB912067$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB915381 --> "C:\WINDOWS\$NtUninstallKB915381$\spuninst\spuninst.exe"
Wireless Home Network Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{09D8492A-C8E2-421E-927D-46800FB327A3}\Setup.exe" -l0x9 -removeonly
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\WINDOWS\cache\YINSTH~1.DLL
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
Zuma Deluxe from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\074EEF5F-3BE8-4112-B253-C5D6CDE2924C\Uninstall.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type4333 / Error
Event Submitted/Written: 05/28/2008 09:31:27 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16640, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type4332 / Error
Event Submitted/Written: 05/28/2008 09:22:28 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16640, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type4331 / Error
Event Submitted/Written: 05/27/2008 08:15:18 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16640, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type4323 / Error
Event Submitted/Written: 05/27/2008 07:02:41 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16640, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type4270 / Error
Event Submitted/Written: 05/22/2008 07:36:10 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16640, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type24646 / Warning
Event Submitted/Written: 05/27/2008 08:18:22 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0014A5DF0C4E. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type24638 / Error
Event Submitted/Written: 05/27/2008 08:12:14 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The HTTP SSL service failed to start due to the following error:
%%1053

Event Record #/Type24637 / Error
Event Submitted/Written: 05/27/2008 08:12:14 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.

Event Record #/Type24616 / Warning
Event Submitted/Written: 05/27/2008 08:11:16 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0014A5DF0C4E. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type24615 / Error
Event Submitted/Written: 05/27/2008 08:11:05 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Nortel Extranet Access Protocol service failed to start due to the following error:
%%2



-- End of Deckard's System Scanner: finished at 2008-05-28 09:46:20 ------------

OTScanIt logfile created on: 5/28/2008 9:28:17 AM
OTScanIt by OldTimer - Version 1.0.15.2	 Folder = C:\Documents and Settings\Stephanie\Desktop\OTScanIt
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
990.54 Mb Total Physical Memory | 358.06 Mb Available Physical Memory | 36.15% Memory free
2.33 Gb Paging File | 1.96 Gb Available in Paging File | 84.26% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 61.96 Gb Total Space | 42.09 Gb Free Space | 67.92% Space Free | Partition Type: NTFS
Drive D: | 11.53 Gb Total Space | 1.26 Gb Free Space | 10.90% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HP-NOTEBOOK
Current User Name: Stephanie
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
msdtc.exe -> %SystemRoot%\system32\msdtc ->  [Folder | Modified Date = 9/19/2006 4:58:37 PM | Attr =	]
avgwdsvc.exe -> %SystemDrive%\PROGRA~1\AVG\AVG8\avgwdsvc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.100 | Size = 282904 bytes | Modified Date = 5/19/2008 9:03:37 PM | Attr =	]
bwsvc.exe -> %ProgramFiles%\BUFFALO\Client Manager3\bwsvc\bwsvc.exe -> BUFFALO INC. [Ver = 2, 0, 3, 2 | Size = 397312 bytes | Modified Date = 2/24/2006 4:10:00 AM | Attr =	]
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.97.1 | Size = 49152 bytes | Modified Date = 5/18/2006 7:52:06 PM | Attr =	]
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8619 | Size = 143426 bytes | Modified Date = 8/18/2006 4:00:00 AM | Attr =	]
sbcssvc.exe -> %ProgramFiles%\Sunbelt Software\CounterSpy\SBCSSvc.exe -> Sunbelt Software [Ver = 2.2.1156.0 | Size = 788976 bytes | Modified Date = 12/21/2007 3:30:50 PM | Attr =	]
vongoservice.exe -> %ProgramFiles%\Vongo\VongoService.exe -> Starz Entertainment Group LLC [Ver = 1, 25, 0, 0 | Size = 176128 bytes | Modified Date = 5/9/2006 4:11:10 PM | Attr =	]
hp wireless assistant.exe -> %ProgramFiles%\hpq\HP Wireless Assistant\HP Wireless Assistant.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 7, 2 | Size = 458752 bytes | Modified Date = 5/4/2006 1:58:26 AM | Attr =	]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr =	]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.23 31Mar06 | Size = 761946 bytes | Modified Date = 4/1/2006 1:01:48 AM | Attr =	]
qpservice.exe -> %ProgramFiles%\HP\QuickPlay\QPService.exe -> CyberLink Corp. [Ver = 4.5.0.0000 | Size = 102400 bytes | Modified Date = 7/12/2006 12:55:34 AM | Attr =	]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> Macrovision Corporation [Ver = 4, 60, 100, 37068 | Size = 81920 bytes | Modified Date = 8/11/2005 7:30:30 PM | Attr =	]
qlbctrl.exe -> %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ->  Hewlett-Packard Development Company, L.P. [Ver = 6, 1, 1, 2 | Size = 163840 bytes | Modified Date = 6/19/2006 2:33:12 PM | Attr =	]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 10/25/2006 7:58:18 PM | Attr =	]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 10/30/2006 10:36:36 AM | Attr =	]
hpwuschd2.exe -> %ProgramFiles%\Hp\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/16/2005 11:11:42 PM | Attr =	]
sbcstray.exe -> %ProgramFiles%\Sunbelt Software\CounterSpy\SBCSTray.exe -> Sunbelt Software [Ver = 2.2.1156.0 | Size = 698864 bytes | Modified Date = 12/21/2007 3:30:52 PM | Attr =	]
hpqwmiex.exe -> %ProgramFiles%\Hewlett-Packard\Shared\hpqwmiex.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 1, 9 | Size = 135168 bytes | Modified Date = 5/2/2006 6:41:28 PM | Attr =	]
avgtray.exe -> %SystemDrive%\PROGRA~1\AVG\AVG8\avgtray.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.94 | Size = 1177368 bytes | Modified Date = 5/19/2008 9:03:37 PM | Attr =	]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 6/29/2007 7:47:55 AM | Attr =	]
cm3_tray.exe -> %ProgramFiles%\BUFFALO\Client Manager3\cm3_tray.exe -> BUFFALO INC. [Ver = 1, 0, 1, 8 | Size = 466944 bytes | Modified Date = 2/10/2006 1:23:00 AM | Attr =	]
tray.exe -> %ProgramFiles%\Vongo\Tray.exe -> Starz [Ver = 1, 30, 0, 0 | Size = 73728 bytes | Modified Date = 5/9/2006 4:09:32 PM | Attr =	]
hpqimzone.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqimzone.exe -> Hewlett-Packard Development Company, L.P. [Ver = 060.000.155.000 | Size = 475136 bytes | Modified Date = 9/24/2005 11:42:32 AM | Attr =	]
avgrsx.exe -> %SystemDrive%\PROGRA~1\AVG\AVG8\avgrsx.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.84 | Size = 311576 bytes | Modified Date = 5/19/2008 9:03:38 PM | Attr =	]
avgemc.exe -> %SystemDrive%\PROGRA~1\AVG\AVG8\avgemc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 902424 bytes | Modified Date = 5/19/2008 9:03:37 PM | Attr =	]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 10:36:32 AM | Attr =	]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.15.2 | Size = 374272 bytes | Modified Date = 5/28/2008 2:37:38 AM | Attr =	]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.15.2 | Size = 374272 bytes | Modified Date = 5/28/2008 2:37:38 AM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(AddFiltr) AddFiltr [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -> Hewlett-Packard Development Company, L.P. [Ver = 1.0.0.1 | Size = 126976 bytes | Modified Date = 6/12/2006 4:27:28 PM | Attr =	]
(avg8emc) AVG8 E-mail Scanner [Win32_Own | Auto | Running] -> %SystemDrive%\PROGRA~1\AVG\AVG8\avgemc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 902424 bytes | Modified Date = 5/19/2008 9:03:37 PM | Attr =	]
(avg8wd) AVG8 WatchDog [Win32_Own | Auto | Running] -> %SystemDrive%\PROGRA~1\AVG\AVG8\avgwdsvc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.100 | Size = 282904 bytes | Modified Date = 5/19/2008 9:03:37 PM | Attr =	]
(Bwsvc) Bwsvc [Win32_Own | Auto | Running] -> %ProgramFiles%\BUFFALO\Client Manager3\bwsvc\bwsvc.exe -> BUFFALO INC. [Ver = 2, 0, 3, 2 | Size = 397312 bytes | Modified Date = 2/24/2006 4:10:00 AM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 3/16/2006 | Attr =	]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 4/7/2007 9:37:14 AM | Attr =	]
(hpqwmiex) hpqwmiex [Win32_Own | Auto | Running] -> %ProgramFiles%\Hewlett-Packard\Shared\hpqwmiex.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 1, 9 | Size = 135168 bytes | Modified Date = 5/2/2006 6:41:28 PM | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 3:41:10 AM | Attr =	]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 10:36:32 AM | Attr =	]
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.97.1 | Size = 49152 bytes | Modified Date = 5/18/2006 7:52:06 PM | Attr =	]
(MSDTC) Distributed Transaction Coordinator [Win32_Own | On_Demand | Running] -> %SystemRoot%\system32\msdtc ->  [Folder | Modified Date = 9/19/2006 4:58:37 PM | Attr =	]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8619 | Size = 143426 bytes | Modified Date = 8/18/2006 4:00:00 AM | Attr =	]
(SBCSSvc) Sunbelt CounterSpy Antispyware [Win32_Own | Auto | Running] -> %ProgramFiles%\Sunbelt Software\CounterSpy\SBCSSvc.exe -> Sunbelt Software [Ver = 2.2.1156.0 | Size = 788976 bytes | Modified Date = 12/21/2007 3:30:50 PM | Attr =	]
(Vongo Service) Vongo Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Vongo\VongoService.exe -> Starz Entertainment Group LLC [Ver = 1, 25, 0, 0 | Size = 176128 bytes | Modified Date = 5/9/2006 4:11:10 PM | Attr =	]
(Windows Action Script) Windows Action Script [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\scvhost.exe -> File not found

[Driver Services - Non-Microsoft Only]
(5U870CAP_VID_1262&PID_25FD) HP Pavilion Webcam   [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\5U870CAP.sys -> Ricoh [Ver = 1, 001, 100, 0 | Size = 61952 bytes | Modified Date = 6/6/2006 4:39:56 PM | Attr =	]
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.4.3.0 [Kernel | Auto | Running] -> %SystemRoot%\System32\DRIVERS\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.4.3.0 | Size = 20747 bytes | Modified Date = 4/14/2008 8:31:32 AM | Attr =	]
(AliIde) AliIde [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/18/2001 12:51:56 AM | Attr =	]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/4/2004 10:07:44 AM | Attr =	]
(AmdK8) AMD Processor Driver [Kernel | System | Running] -> %SystemRoot%\System32\DRIVERS\AmdK8.sys -> Advanced Micro Devices [Ver = 1.3.2 (dnsrv(wmbla).060618-2337) | Size = 36864 bytes | Modified Date = 6/19/2006 8:37:34 AM | Attr =	]
(asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/18/2001 12:52:00 AM | Attr =	]
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/18/2001 12:51:58 AM | Attr =	]
(AvgLdx86) AVG AVI Loader Driver x86 [Kernel | System | Running] -> %SystemRoot%\System32\Drivers\avgldx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.58 | Size = 96520 bytes | Modified Date = 5/19/2008 9:03:53 PM | Attr =	]
(AvgMfx86) AVG On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> %SystemRoot%\System32\Drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 8.0.0.46 | Size = 26184 bytes | Modified Date = 5/19/2008 9:03:52 PM | Attr =	]
(AvgTdiX) AVG8 Network Redirector [Kernel | Auto | Running] -> %SystemRoot%\System32\Drivers\avgtdix.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.87 | Size = 75272 bytes | Modified Date = 5/19/2008 9:03:53 PM | Attr =	]
(BCM43XX) Broadcom 802.11 Network Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\bcmwl5.sys -> Broadcom Corporation [Ver = 4.40.19.0 | Size = 429184 bytes | Modified Date = 4/28/2006 1:12:00 PM | Attr =	]
(BTWUSB) WIDCOMM USB Bluetooth Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\btwusb.sys -> Broadcom Corporation. [Ver = 4.0.1.3500 | Size = 57320 bytes | Modified Date = 5/12/2006 4:05:02 PM | Attr =	]
(BUFADPT) BUFADPT [Kernel | System | Running] -> %SystemRoot%\system32\BUFADPT.SYS -> BUFFALO INC. [Ver = 1.0.2.1 built by: WinDDK | Size = 9600 bytes | Modified Date = 7/6/2005 12:52:00 AM | Attr = R  ]
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/18/2001 12:51:54 AM | Attr =	]
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/18/2001 12:52:16 AM | Attr =	]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 3/16/2006 | Attr =	]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 3/16/2006 | Attr =	]
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 3/16/2006 | Attr =	]
(eabfiltr) eabfiltr [Kernel | System | Running] -> %SystemRoot%\System32\DRIVERS\eabfiltr.sys -> Hewlett-Packard Development Company, L.P. [Ver = 4.20.02.02 | Size = 7808 bytes | Modified Date = 9/19/2005 5:23:52 PM | Attr =	]
(eabusb) eabusb [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\eabusb.sys -> Hewlett-Packard Development Company, L.P. [Ver = 4.20.02.02 | Size = 5760 bytes | Modified Date = 9/19/2005 5:24:20 PM | Attr =	]
(Eacfilt) Eacfilt Miniport [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\eacfilt.sys -> Nortel Networks [Ver = 04,86,0,102 | Size = 9817 bytes | Modified Date = 4/16/2004 3:35:18 PM | Attr =	]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\System32\Drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 4:44:04 PM | Attr =	]
(HBtnKey) HBtnKey [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\cpqbttn.sys -> Hewlett-Packard Development Company, L.P. [Ver = 4.20.02.02 | Size = 9344 bytes | Modified Date = 9/19/2005 5:24:10 PM | Attr =	]
(HdAudAddService) Microsoft UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\CHDAud.sys -> Conexant Systems Inc. [Ver = 3.23.0.0 built by: WinDDK | Size = 572928 bytes | Modified Date = 6/1/2006 8:02:36 PM | Attr =	]
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\HDAudBus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 138752 bytes | Modified Date = 1/7/2005 8:07:18 PM | Attr =	]
(HSFHWAZL) HSFHWAZL [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\HSFHWAZL.sys -> Conexant Systems, Inc. [Ver = 7.48.00 built by: WinDDK | Size = 208000 bytes | Modified Date = 4/19/2006 6:02:40 AM | Attr =	]
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\HSF_DPV.sys -> Conexant Systems, Inc. [Ver = 7.48.00 built by: WinDDK | Size = 995712 bytes | Modified Date = 4/19/2006 6:03:20 AM | Attr =	]
(iaStor) Intel AHCI Controller [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\iaStor.sys -> Intel Corporation [Ver = 5.5.0.1035 | Size = 874240 bytes | Modified Date = 10/13/2005 5:07:12 AM | Attr =	]
(IPSECEXT) Nortel Extranet Access Protocol [Kernel | Auto | Stopped] -> %SystemRoot%\System32\DRIVERS\ipsecw2k.sys -> Nortel Networks NA, Inc. [Ver = 04,86,0,102 | Size = 117760 bytes | Modified Date = 4/16/2004 3:34:56 PM | Attr =	]
(IPSECSHM) Nortel IPSECSHM Adapter [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\ipsecw2k.sys -> Nortel Networks NA, Inc. [Ver = 04,86,0,102 | Size = 117760 bytes | Modified Date = 4/16/2004 3:34:56 PM | Attr =	]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\System32\DRIVERS\mdmxsdk.sys -> Conexant [Ver = 1.0.2.011 | Size = 12672 bytes | Modified Date = 2/14/2006 1:57:46 AM | Attr =	]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/18/2001 12:52:12 AM | Attr =	]
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.8619 | Size = 3687552 bytes | Modified Date = 8/18/2006 4:00:00 AM | Attr =	]
(nvata) nvata [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\nvata.sys -> NVIDIA Corporation [Ver = 5.10.2600.0650 built by: WinDDK | Size = 99584 bytes | Modified Date = 1/26/2006 8:04:16 PM | Attr =	]
(NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\NVENETFD.sys -> NVIDIA Corporation [Ver = 1.00.03.05024 | Size = 34176 bytes | Modified Date = 3/2/2006 8:31:02 PM | Attr =	]
(nvnetbus) NVIDIA Network Bus Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\nvnetbus.sys -> NVIDIA Corporation [Ver = 1.00.00.05024 | Size = 13056 bytes | Modified Date = 3/2/2006 8:31:04 PM | Attr =	]
(nvsmu) nvsmu [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\nvsmu.sys -> NVIDIA Corporation [Ver = 5.10.2600.0114 built by: WinDDK | Size = 11136 bytes | Modified Date = 3/5/2006 7:49:36 PM | Attr =	]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 3/16/2006 | Attr =	]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\PxHelp20.sys -> Sonic Solutions [Ver = 2.03.32a | Size = 20640 bytes | Modified Date = 6/20/2005 8:05:58 PM | Attr =	]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/18/2001 12:52:20 AM | Attr =	]
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/18/2001 12:52:20 AM | Attr =	]
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/18/2001 12:52:18 AM | Attr =	]
(rimmptsk) rimmptsk [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\rimmptsk.sys -> REDC [Ver = 1.0.0.9 | Size = 28928 bytes | Modified Date = 11/16/2005 12:28:32 AM | Attr =	]
(rimsptsk) rimsptsk [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\rimsptsk.sys -> REDC [Ver = 1.00.02.04 | Size = 51584 bytes | Modified Date = 10/31/2005 9:54:50 PM | Attr =	]
(rismxdp) Ricoh xD-Picture Card Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\rixdptsk.sys -> REDC [Ver = 1.00.02.08 | Size = 308992 bytes | Modified Date = 10/31/2005 10:08:00 PM | Attr =	]
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\RTL8139.SYS -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 8/4/2004 2:31:34 AM | Attr =	]
(SBHR) SBHR [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sbhr.sys ->  [Ver = 2.2.932.0 | Size = 15544 bytes | Modified Date = 5/19/2008 2:33:34 PM | Attr =	]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 6:25:53 AM | Attr =	]
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/4/2004 10:07:44 AM | Attr =	]
(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 8/17/2001 1:56:16 PM | Attr =	]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/18/2001 1:07:44 AM | Attr =	]
(symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/18/2001 1:07:34 AM | Attr =	]
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/18/2001 1:07:36 AM | Attr =	]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/18/2001 1:07:40 AM | Attr =	]
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/18/2001 1:07:42 AM | Attr =	]
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\SynTP.sys -> Synaptics, Inc. [Ver = 8.2.23 31Mar06 | Size = 193056 bytes | Modified Date = 4/1/2006 12:41:40 AM | Attr =	]
(UIUSys) Conexant Setup API [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\UIUSYS.SYS -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\ultra.sys -> Promise Technology, Inc. [Ver =  1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/18/2001 12:52:22 AM | Attr =	]
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.48.00 built by: WinDDK | Size = 727296 bytes | Modified Date = 4/19/2006 6:02:36 AM | Attr =	]
(SBAPIFS) SBAPIFS [File_System | On_Demand | Running] -> %SystemRoot%\system32\drivers\sbapifs.sys -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
 ->  [] -> File not found
Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe ["C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"] -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 6/7/2005 12:46:24 AM | Attr =	]
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 1/11/2008 10:16:38 PM | Attr =	]
AVG8_TRAY -> %SystemDrive%\PROGRA~1\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.94 | Size = 1177368 bytes | Modified Date = 5/19/2008 9:03:37 PM | Attr =	]
High Definition Audio Property Page Shortcut -> CHDAudPropShortcut.exe [CHDAudPropShortcut.exe] -> File not found
HP Software Update -> %ProgramFiles%\Hp\HP Software Update\HPWuSchd2.exe [C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe] -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/16/2005 11:11:42 PM | Attr =	]
hpWirelessAssistant ->  [C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe] -> File not found
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\isuspm.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup] -> Macrovision Corporation [Ver = 4, 60, 100, 37068 | Size = 249856 bytes | Modified Date = 8/11/2005 7:30:30 PM | Attr =	]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> Macrovision Corporation [Ver = 4, 60, 100, 37068 | Size = 81920 bytes | Modified Date = 8/11/2005 7:30:30 PM | Attr =	]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 10/30/2006 10:36:36 AM | Attr =	]
MsmqIntCert ->  [regsvr32 /s mqrt.dll] -> File not found
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.8619 | Size = 7585792 bytes | Modified Date = 8/18/2006 4:00:00 AM | Attr =	]
NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.8619 | Size = 86016 bytes | Modified Date = 8/18/2006 4:00:00 AM | Attr =	]
nwiz -> nwiz.exe [nwiz.exe /installquiet /nodetect] -> File not found
QlbCtrl -> %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start] -> File not found
QPService -> %ProgramFiles%\HP\QuickPlay\QPService.exe ["C:\Program Files\HP\QuickPlay\QPService.exe"] -> CyberLink Corp. [Ver = 4.5.0.0000 | Size = 102400 bytes | Modified Date = 7/12/2006 12:55:34 AM | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 10/25/2006 7:58:18 PM | Attr =	]
RecGuard -> %SystemRoot%\SMINST\RecGuard.exe [C:\Windows\SMINST\RecGuard.exe] ->  [Ver = 6, 0, 66, 5 | Size = 1187840 bytes | Modified Date = 10/11/2005 1:23:50 PM | Attr =	]
Reminder -> %SystemRoot%\CREATOR\Remind_XP.exe [C:\Windows\CREATOR\Remind_XP.exe] -> SoftThinks [Ver = 6, 0, 53, 2 | Size = 643072 bytes | Modified Date = 2/9/2006 12:52:14 PM | Attr =	]
SBCSTray -> %ProgramFiles%\Sunbelt Software\CounterSpy\SBCSTray.exe [C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe] -> Sunbelt Software [Ver = 2.2.1156.0 | Size = 698864 bytes | Modified Date = 12/21/2007 3:30:52 PM | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr =	]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> Synaptics, Inc. [Ver = 8.2.23 31Mar06 | Size = 761946 bytes | Modified Date = 4/1/2006 1:01:48 AM | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
QdrModule16 -> %ProgramFiles%\QdrModule\QdrModule16.exe ["C:\Program Files\QdrModule\QdrModule16.exe"] -> File not found
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 6/29/2007 7:47:55 AM | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\ClientManager3.lnk -> %ProgramFiles%\BUFFALO\Client Manager3\cm3_tray.exe -> BUFFALO INC. [Ver = 1, 0, 1, 8 | Size = 466944 bytes | Modified Date = 2/10/2006 1:23:00 AM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqthb08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 060.000.155.000 | Size = 73728 bytes | Modified Date = 9/24/2005 12:39:30 PM | Attr =	]
< Stephanie Startup Folder > -> C:\Documents and Settings\Stephanie\Start Menu\Programs\Startup -> 
%UserProfile%\Start Menu\Programs\Startup\Vongo Tray.lnk -> %ProgramFiles%\Vongo\Tray.exe -> Starz [Ver = 1, 30, 0, 0 | Size = 73728 bytes | Modified Date = 5/9/2006 4:09:32 PM | Attr =	]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
avgrsstx.dll -> %SystemRoot%\system32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 10520 bytes | Modified Date = 5/19/2008 9:03:54 PM | Attr =	]
*MultiFile Done* -> -> 
< IFEO [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ -> 
Your Image File Name Here without a path ->  [Debugger] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> Explorer.exe -> File not found
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
logonui.exe -> logonui.exe -> File not found
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 ->  -> File not found
Control_RunDLL "sysdm.cpl" ->  -> File not found
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> Microsoft [Ver = 1, 0, 0, 1 | Size = 1347728 bytes | Modified Date = 8/10/2004 2:39:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.Theme [C:\WINDOWS\Resources\Themes\Royale.theme] ->  [Ver =  | Size = 1293 bytes | Modified Date = 7/28/2004 1:03:28 PM | Attr =	]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableTaskMgr -> 0 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 0 -> 
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> system32\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC	 MBR-7	->  -> File not found
NEC	 MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomHL-DT-ST_DVDRAM_GSA-4084N_______________KQ09____\304b363935423138333320362020202020202020 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> 
< Drives - Autoruns > ->  -> 
AUTOEXEC.BAT [] -> D:\AUTOEXEC.BAT [ FAT32 ] ->  [Ver =  | Size = 0 bytes | Modified Date = 7/27/2001 10:07:38 PM | Attr =  HS]
Autorun.inf [[AUTORUN] | ShellExecute=Info.exe protect.ed 480 480 | ] -> D:\Autorun.inf [ FAT32 ] ->  [Ver =  | Size = 53 bytes | Modified Date = 4/30/2004 2:01:14 PM | Attr =  HS]
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.yahoo.com -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.yahoo.com -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://news.yahoo.com/ -> 
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2008, 1, 8, 1 | Size = 878352 bytes | Modified Date = 1/8/2008 6:37:04 PM | Attr =	]
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2008, 1, 8, 1 | Size = 878352 bytes | Modified Date = 1/8/2008 6:37:04 PM | Attr =	]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr =	]
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgssie.dll [AVG Safe Search] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.90 | Size = 419096 bytes | Modified Date = 5/19/2008 9:03:39 PM | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr =	]
{A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> AVG, Technologies CZ, s.r.o				   [Ver = 5.0.2.387 | Size = 2050816 bytes | Modified Date = 5/19/2008 9:03:46 PM | Attr =	]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 4/7/2007 9:37:13 AM | Attr = R  ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 3, 0, 1225, 9868 | Size = 734704 bytes | Modified Date = 5/12/2008 9:24:59 PM | Attr =	]
{bc97b254-b2b9-4d40-971d-78e0978f5f26} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 4/7/2007 9:37:13 AM | Attr = R  ]
{A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> AVG, Technologies CZ, s.r.o				   [Ver = 5.0.2.387 | Size = 2050816 bytes | Modified Date = 5/19/2008 9:03:46 PM | Attr =	]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2008, 1, 8, 1 | Size = 878352 bytes | Modified Date = 1/8/2008 6:37:04 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 4/7/2007 9:37:13 AM | Attr = R  ]
WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> AVG, Technologies CZ, s.r.o				   [Ver = 5.0.2.387 | Size = 2050816 bytes | Modified Date = 5/19/2008 9:03:46 PM | Attr =	]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2008, 1, 8, 1 | Size = 878352 bytes | Modified Date = 1/8/2008 6:37:04 PM | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr =	]
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec -> %windir%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr =	]
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel ->  -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{25086017-E694-419A-8B42-30D7EE4B43F4} ->	(NVIDIA nForce Networking Controller) -> 
{B2434871-BA73-493E-BA42-8ADBDB3D157E} ->	(1394 Net Adapter) -> 
{DDE3DDEA-EDB5-421B-B3C1-8FE311E0AFA7} ->	() -> 
{EDD2B832-BCF2-426F-9E2F-BFE30E7D30EF} ->	(Broadcom 802.11b/g WLAN) -> 
{F7665BFE-6F85-4B59-B1AE-E1B50DD424E0} ->	() -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgpp.dll[XPLPPFilter Class] -> AVG Technologies CZ, s.r.o. [Ver =  | Size = 79128 bytes | Modified Date = 5/19/2008 9:03:45 PM | Attr =	]
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Protocol Filters [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ -> 
text/html:{07851C6A-1C43-41d9-8319-BC89154A8C00}[HKEY_LOCAL_MACHINE] -> %ProgramFiles%\RcvSystem\httpdchk.dll[Reg Error: Value  does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{233C1507-6A77-46A4-9443-F871F945D258}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> 
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab[Java Plug-in 1.5.0_11] -> 
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ not found. -> -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> N -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\\DoNotAllowXPSP2 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\\EnableFirewall -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 3/16/2006 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0  [binary data] -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 1:49:30 PM | Attr =	]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 3/16/2006 | Attr =	]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 10:21:15 AM | Attr =	]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/24/2006 12:37:50 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1788 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 3/16/2006 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 3/16/2006 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 9E 88 B9 EF AD F6 6F 41 6D F9 55 75 17 04 E4 31 62 39 61 30 36 30 36 32 00 00 00 00 F7 C4 00 00 18 CA 06 00 99 D0 BF 71 04 CA 06 00 10 00 00 00 00 00 00 00 4B 16 20 25 CB 8E A0 AF D3 20 B1 B9  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 47 90 74 FF 91 FE 7D 8C 5D  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 7B 86 BE 63 11 D4  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 3/16/2006 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> DB C2 9D 5E 4F 76 D2 43 28 44 CF FA 55 1B AE 46  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> A4 E8 98 74 39 DC C6 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 60 8C 18 AE 48 C6 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 60 8C 18 AE 48 C6 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 60 8C 18 AE 48 C6 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 44533 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 3/16/2006 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\\ ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\ ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\\ ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\mqsvc.exe -> C:\WINDOWS\system32\mqsvc.exe [C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing] -> Microsoft Corporation [Ver = 5.01.1108 | Size = 4608 bytes | Modified Date = 3/16/2006 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\ ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Vongo\VongoService.exe -> C:\Program Files\Vongo\VongoService.exe [C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService] -> Starz Entertainment Group LLC [Ver = 1, 25, 0, 0 | Size = 176128 bytes | Modified Date = 5/9/2006 4:11:10 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %windir%\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10280:UDP -> 10280:UDP:LocalSubNet:Enabled:Windows Media Connect -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10281:UDP -> 10281:UDP:LocalSubNet:Enabled:Windows Media Connect -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10282:UDP -> 10282:UDP:LocalSubNet:Enabled:Windows Media Connect -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10283:UDP -> 10283:UDP:LocalSubNet:Enabled:Windows Media Connect -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10284:UDP -> 10284:UDP:LocalSubNet:Enabled:Windows Media Connect -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10243:TCP -> 10243:TCP:LocalSubNet:Enabled:Windows Media Connect -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\mqsvc.exe -> C:\WINDOWS\system32\mqsvc.exe [C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing] -> Microsoft Corporation [Ver = 5.01.1108 | Size = 4608 bytes | Modified Date = 3/16/2006 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EarthLink TotalAccess\TaskPanl.exe -> C:\Program Files\EarthLink TotalAccess\TaskPanl.exe [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG Free\avginet.exe -> C:\Program Files\Grisoft\AVG Free\avginet.exe [C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG Free\avgamsvr.exe -> C:\Program Files\Grisoft\AVG Free\avgamsvr.exe [C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG Free\avgcc.exe -> C:\Program Files\Grisoft\AVG Free\avgcc.exe [C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Nortel Networks\Extranet.exe -> C:\Program Files\Nortel Networks\Extranet.exe [C:\Program Files\Nortel Networks\Extranet.exe:*:Enabled:Contivity VPN Client] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 15338560 bytes | Modified Date = 10/30/2006 10:36:32 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 10/13/2004 12:24:37 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %windir%\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\KETS Enterprise VPN\Extranet.exe -> C:\Program Files\KETS Enterprise VPN\Extranet.exe [C:\Program Files\KETS Enterprise VPN\Extranet.exe:*:Enabled:Contivity VPN Client] -> Nortel Networks NA, Inc. [Ver = 04,86,0,102 | Size = 643072 bytes | Modified Date = 4/16/2004 3:26:56 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BUFFALO\Client Manager3\AOSS\aoss.exe -> C:\Program Files\BUFFALO\Client Manager3\AOSS\aoss.exe [C:\Program Files\BUFFALO\Client Manager3\AOSS\aoss.exe:*:Enabled:Aoss] ->  [Ver = 1, 0, 1, 1 | Size = 176128 bytes | Modified Date = 12/13/2005 7:19:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG8\avgupd.exe -> C:\Program Files\AVG\AVG8\avgupd.exe [C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 796440 bytes | Modified Date = 5/19/2008 9:03:37 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG8\avgemc.exe -> C:\Program Files\AVG\AVG8\avgemc.exe [C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 902424 bytes | Modified Date = 5/19/2008 9:03:37 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10280:UDP -> 10280:UDP:LocalSubNet:Enabled:Windows Media Connect -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10281:UDP -> 10281:UDP:LocalSubNet:Enabled:Windows Media Connect -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10282:UDP -> 10282:UDP:LocalSubNet:Enabled:Windows Media Connect -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10283:UDP -> 10283:UDP:LocalSubNet:Enabled:Windows Media Connect -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10284:UDP -> 10284:UDP:LocalSubNet:Enabled:Windows Media Connect -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10243:TCP -> 10243:TCP:LocalSubNet:Enabled:Windows Media Connect -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 3/16/2006 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> 
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:49 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 4 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 3/16/2006 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 3/16/2006 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:49 AM | Attr =	]
TCPIP ->  -> File not found
NTLMSSP ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
$AVG8.VAULT$ -> %SystemDrive%\$AVG8.VAULT$ ->  [Folder | Created Date = 5/19/2008 9:08:32 PM | Attr =  H ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 1038725120 bytes | Created Date = 5/22/2008 12:31:44 PM | Attr =  HS]
Temp -> %SystemDrive%\Temp ->  [Folder | Created Date = 5/17/2008 4:37:32 PM | Attr =	]
Avg -> %SystemRoot%\System32\drivers\Avg ->  [Folder | Created Date = 5/19/2008 9:03:47 PM | Attr =	]
avi7.avg -> %SystemRoot%\System32\drivers\Avg\avi7.avg ->  [Ver =  | Size = 5618689 bytes | Created Date = 5/19/2008 9:03:47 PM | Attr =	]
incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm ->  [Ver =  | Size = 24090601 bytes | Created Date = 5/19/2008 9:03:48 PM | Attr =	]
microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg ->  [Ver =  | Size = 28920 bytes | Created Date = 5/19/2008 9:03:48 PM | Attr =	]
miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg ->  [Ver =  | Size = 838585 bytes | Created Date = 5/19/2008 9:03:48 PM | Attr =	]
avgldx86.sys -> %SystemRoot%\System32\drivers\avgldx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.58 | Size = 96520 bytes | Created Date = 5/19/2008 9:03:53 PM | Attr =	]
avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 8.0.0.46 | Size = 26184 bytes | Created Date = 5/19/2008 9:03:52 PM | Attr =	]
avgtdix.sys -> %SystemRoot%\System32\drivers\avgtdix.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.87 | Size = 75272 bytes | Created Date = 5/19/2008 9:03:53 PM | Attr =	]
sbhr.sys -> %SystemRoot%\System32\drivers\sbhr.sys ->  [Ver = 2.2.932.0 | Size = 15544 bytes | Created Date = 5/19/2008 2:33:34 PM | Attr =	]
avgrsstx.dll -> %SystemRoot%\System32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 10520 bytes | Created Date = 5/19/2008 9:03:54 PM | Attr =	]
blackster.scr -> %SystemRoot%\System32\blackster.scr -> Peter's Productions [Ver = 2.00.0002 | Size = 160256 bytes | Created Date = 5/17/2008 4:38:11 PM | Attr =	]
clbinit.dll -> %SystemRoot%\System32\clbinit.dll ->  [Ver =  | Size = 1695 bytes | Created Date = 5/17/2008 10:24:42 PM | Attr =	]
dFrnx06 -> %SystemRoot%\System32\dFrnx06 ->  [Folder | Created Date = 5/17/2008 4:37:32 PM | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
hljwugsf.bin -> %SystemRoot%\System32\hljwugsf.bin ->  [Ver =  | Size = 4 bytes | Created Date = 5/17/2008 4:37:11 PM | Attr =	]
SBFC.dat -> %SystemRoot%\System32\SBFC.dat ->  [Ver =  | Size = 0 bytes | Created Date = 5/19/2008 7:37:36 PM | Attr =	]
SBRC.dat -> %SystemRoot%\System32\SBRC.dat ->  [Ver =  | Size = 0 bytes | Created Date = 5/19/2008 7:37:36 PM | Attr =	]
delnew.exe -> %SystemRoot%\System\delnew.exe ->  [Ver =  | Size = 7680 bytes | Created Date = 5/18/2008 10:05:26 PM | Attr =	]
run.exe -> %SystemRoot%\System\run.exe ->  [Ver =  | Size = 20992 bytes | Created Date = 5/19/2008 9:36:08 AM | Attr =	]
astctl32.ocx -> %SystemRoot%\astctl32.ocx ->  [Ver =  | Size = 13312 bytes | Created Date = 5/17/2008 5:01:51 PM | Attr =	]
CSC -> %SystemRoot%\CSC ->  [Folder | Created Date = 5/18/2008 9:23:55 AM | Attr =	]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
ctfmon32.exe -> %SystemRoot%\ctfmon32.exe ->  [Ver =  | Size = 30976 bytes | Created Date = 5/17/2008 5:01:53 PM | Attr =	]
ctrlpan.dll -> %SystemRoot%\ctrlpan.dll ->  [Ver =  | Size = 25600 bytes | Created Date = 5/17/2008 5:01:53 PM | Attr =	]
directx32.exe -> %SystemRoot%\directx32.exe ->  [Ver =  | Size = 22016 bytes | Created Date = 5/17/2008 5:01:53 PM | Attr =	]
dnsrelay.dll -> %SystemRoot%\dnsrelay.dll ->  [Ver =  | Size = 31488 bytes | Created Date = 5/17/2008 5:01:54 PM | Attr =	]
explorer32.exe -> %SystemRoot%\explorer32.exe ->  [Ver =  | Size = 16128 bytes | Created Date = 5/17/2008 5:01:54 PM | Attr =	]
funniest.exe -> %SystemRoot%\funniest.exe ->  [Ver =  | Size = 26624 bytes | Created Date = 5/17/2008 5:01:54 PM | Attr =	]
funny.exe -> %SystemRoot%\funny.exe ->  [Ver =  | Size = 14592 bytes | Created Date = 5/17/2008 5:01:55 PM | Attr =	]
gfmnaaa.dll -> %SystemRoot%\gfmnaaa.dll ->  [Ver =  | Size = 25088 bytes | Created Date = 5/17/2008 5:01:55 PM | Attr =	]
helpcvs.exe -> %SystemRoot%\helpcvs.exe ->  [Ver =  | Size = 21248 bytes | Created Date = 5/17/2008 5:01:55 PM | Attr =	]
hosts -> %SystemRoot%\hosts ->  [Ver =  | Size = 16636 bytes | Created Date = 5/19/2008 9:07:05 PM | Attr =	]
inetinf.exe -> %SystemRoot%\inetinf.exe ->  [Ver =  | Size = 20992 bytes | Created Date = 5/17/2008 5:01:56 PM | Attr =	]
msconfd.dll -> %SystemRoot%\msconfd.dll ->  [Ver =  | Size = 14848 bytes | Created Date = 5/17/2008 5:01:56 PM | Attr =	]
msspi.dll -> %SystemRoot%\msspi.dll ->  [Ver =  | Size = 8960 bytes | Created Date = 5/17/2008 5:01:56 PM | Attr =	]
mswsc10.dll -> %SystemRoot%\mswsc10.dll ->  [Ver =  | Size = 11264 bytes | Created Date = 5/17/2008 5:01:57 PM | Attr =	]
mswsc20.dll -> %SystemRoot%\mswsc20.dll ->  [Ver =  | Size = 28160 bytes | Created Date = 5/17/2008 5:01:57 PM | Attr =	]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Created Date = 5/8/2008 3:44:59 PM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Created Date = 5/8/2008 3:44:59 PM | Attr =  H ]
rundll32.vbe -> %SystemRoot%\rundll32.vbe ->  [Ver =  | Size = 17664 bytes | Created Date = 5/17/2008 5:01:58 PM | Attr =	]
searchword.dll -> %SystemRoot%\searchword.dll ->  [Ver =  | Size = 26112 bytes | Created Date = 5/17/2008 5:01:58 PM | Attr =	]
sistem.exe -> %SystemRoot%\sistem.exe ->  [Ver =  | Size = 24576 bytes | Created Date = 5/17/2008 5:01:58 PM | Attr =	]
time.exe -> %SystemRoot%\time.exe ->  [Ver =  | Size = 9472 bytes | Created Date = 5/17/2008 5:01:59 PM | Attr =	]
xplugin.dll -> %SystemRoot%\xplugin.dll ->  [Ver =  | Size = 9216 bytes | Created Date = 5/17/2008 5:02:01 PM | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
avg8 -> %AllUsersProfile%\Application Data\avg8 ->  [Folder | Created Date = 5/19/2008 9:03:36 PM | Attr =	]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Created Date = 5/19/2008 9:00:54 AM | Attr =	]
Sunbelt Software -> %AllUsersProfile%\Application Data\Sunbelt Software ->  [Folder | Created Date = 5/19/2008 2:24:33 PM | Attr =	]
AVGTOOLBAR -> %AppData%\AVGTOOLBAR ->  [Folder | Created Date = 5/19/2008 9:03:47 PM | Attr =	]
Sunbelt Software -> %AppData%\Sunbelt Software ->  [Folder | Created Date = 5/19/2008 2:24:39 PM | Attr =	]
1English.wps -> %UserProfile%\My Documents\1English.wps ->  [Ver =  | Size = 17408 bytes | Created Date = 5/14/2008 4:22:52 PM | Attr =	]
1Untitled Document.wps -> %UserProfile%\My Documents\1Untitled Document.wps ->  [Ver =  | Size = 9728 bytes | Created Date = 5/14/2008 9:00:29 PM | Attr =	]
English -> %UserProfile%\My Documents\English ->  [Folder | Created Date = 5/14/2008 3:59:39 PM | Attr =	]
AVG Free 8.0.lnk -> %AllUsersProfile%\Desktop\AVG Free 8.0.lnk ->  [Ver =  | Size = 1507 bytes | Created Date = 5/19/2008 9:03:54 PM | Attr =	]
CounterSpy.lnk -> %AllUsersProfile%\Desktop\CounterSpy.lnk ->  [Ver =  | Size = 1821 bytes | Created Date = 5/19/2008 2:24:25 PM | Attr =	]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 5/28/2008 9:23:58 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF-Cleaner.exe:Zone.Identifier
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Created Date = 5/19/2008 2:05:03 PM | Attr =	]
OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Created Date = 5/28/2008 9:26:29 AM | Attr =	]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 544843 bytes | Created Date = 5/28/2008 9:25:46 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier
AVG -> %ProgramFiles%\AVG ->  [Folder | Created Date = 5/19/2008 9:03:37 PM | Attr =	]
RcvSystem -> %ProgramFiles%\RcvSystem ->  [Folder | Created Date = 5/18/2008 10:05:25 PM | Attr =	]
Spybot - Search & Destroy -> %ProgramFiles%\Spybot - Search & Destroy ->  [Folder | Created Date = 5/19/2008 9:00:54 AM | Attr =	]
Sunbelt Software -> %ProgramFiles%\Sunbelt Software ->  [Folder | Created Date = 5/19/2008 2:24:01 PM | Attr =	]
Trend Micro -> %ProgramFiles%\Trend Micro ->  [Folder | Created Date = 5/19/2008 2:05:02 PM | Attr =	]

[Files/Folders - Modified Within 30 days]
$AVG8.VAULT$ -> %SystemDrive%\$AVG8.VAULT$ ->  [Folder | Modified Date = 5/28/2008 9:04:11 AM | Attr =  H ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 1038725120 bytes | Modified Date = 5/27/2008 8:10:45 PM | Attr =  HS]
hpqp.ini -> %SystemDrive%\hpqp.ini ->  [Ver =  | Size = 1660 bytes | Modified Date = 5/28/2008 8:22:35 AM | Attr =	]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 5/19/2008 9:03:57 PM | Attr =	]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Modified Date = 5/22/2008 8:06:34 AM | Attr =  HS]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 5/17/2008 4:39:15 PM | Attr =  HS]
Temp -> %SystemDrive%\Temp ->  [Folder | Modified Date = 5/17/2008 4:37:32 PM | Attr =	]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 5/27/2008 8:11:20 PM | Attr =	]
XP_TV.ini -> %SystemDrive%\XP_TV.ini ->  [Ver =  | Size = 39 bytes | Modified Date = 5/27/2008 8:11:02 PM | Attr =	]
Avg -> %SystemRoot%\System32\drivers\Avg ->  [Folder | Modified Date = 5/28/2008 8:42:41 AM | Attr =	]
avi7.avg -> %SystemRoot%\System32\drivers\Avg\avi7.avg ->  [Ver =  | Size = 5618689 bytes | Modified Date = 5/19/2008 9:03:48 PM | Attr =	]
incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm ->  [Ver =  | Size = 24090601 bytes | Modified Date = 5/28/2008 8:42:39 AM | Attr =	]
microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg ->  [Ver =  | Size = 28920 bytes | Modified Date = 5/25/2008 8:10:46 AM | Attr =	]
miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg ->  [Ver =  | Size = 838585 bytes | Modified Date = 5/22/2008 12:33:58 PM | Attr =	]
avgldx86.sys -> %SystemRoot%\System32\drivers\avgldx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.58 | Size = 96520 bytes | Modified Date = 5/19/2008 9:03:53 PM | Attr =	]
avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 8.0.0.46 | Size = 26184 bytes | Modified Date = 5/19/2008 9:03:52 PM | Attr =	]
avgtdix.sys -> %SystemRoot%\System32\drivers\avgtdix.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.87 | Size = 75272 bytes | Modified Date = 5/19/2008 9:03:53 PM | Attr =	]
sbhr.sys -> %SystemRoot%\System32\drivers\sbhr.sys ->  [Ver = 2.2.932.0 | Size = 15544 bytes | Modified Date = 5/19/2008 2:33:34 PM | Attr =	]
avgrsstx.dll -> %SystemRoot%\System32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 10520 bytes | Modified Date = 5/19/2008 9:03:54 PM | Attr =	]
blackster.scr -> %SystemRoot%\System32\blackster.scr -> Peter's Productions [Ver = 2.00.0002 | Size = 160256 bytes | Modified Date = 5/19/2008 9:04:50 AM | Attr =	]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 5/19/2008 9:23:34 AM | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
clbinit.dll -> %SystemRoot%\System32\clbinit.dll ->  [Ver =  | Size = 1695 bytes | Modified Date = 5/19/2008 2:31:17 PM | Attr =	]
dFrnx06 -> %SystemRoot%\System32\dFrnx06 ->  [Folder | Modified Date = 5/18/2008 9:11:24 AM | Attr =	]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 5/17/2008 4:38:27 PM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 5/27/2008 8:11:31 PM | Attr =	]
hljwugsf.bin -> %SystemRoot%\System32\hljwugsf.bin ->  [Ver =  | Size = 4 bytes | Modified Date = 5/17/2008 4:37:11 PM | Attr =	]
nvapps.xml -> %SystemRoot%\System32\nvapps.xml ->  [Ver =  | Size = 51048 bytes | Modified Date = 5/27/2008 8:10:59 PM | Attr =	]
SBFC.dat -> %SystemRoot%\System32\SBFC.dat ->  [Ver =  | Size = 0 bytes | Modified Date = 5/19/2008 7:37:36 PM | Attr =	]
SBRC.dat -> %SystemRoot%\System32\SBRC.dat ->  [Ver =  | Size = 0 bytes | Modified Date = 5/19/2008 7:37:36 PM | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 1158 bytes | Modified Date = 5/27/2008 8:12:03 PM | Attr =	]
delnew.exe -> %SystemRoot%\System\delnew.exe ->  [Ver =  | Size = 7680 bytes | Modified Date = 5/19/2008 9:36:07 AM | Attr =	]
run.exe -> %SystemRoot%\System\run.exe ->  [Ver =  | Size = 20992 bytes | Modified Date = 5/19/2008 9:36:08 AM | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 5/14/2008 7:31:12 AM | Attr =  H ]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
astctl32.ocx -> %SystemRoot%\astctl32.ocx ->  [Ver =  | Size = 13312 bytes | Modified Date = 5/17/2008 5:01:51 PM | Attr =	]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 5/27/2008 8:10:49 PM | Attr =   S]
CSC -> %SystemRoot%\CSC ->  [Folder | Modified Date = 5/18/2008 9:23:55 AM | Attr =	]
ctfmon32.exe -> %SystemRoot%\ctfmon32.exe ->  [Ver =  | Size = 30976 bytes | Modified Date = 5/17/2008 5:01:53 PM | Attr =	]
ctrlpan.dll -> %SystemRoot%\ctrlpan.dll ->  [Ver =  | Size = 25600 bytes | Modified Date = 5/17/2008 5:01:53 PM | Attr =	]
directx32.exe -> %SystemRoot%\directx32.exe ->  [Ver =  | Size = 22016 bytes | Modified Date = 5/17/2008 5:01:53 PM | Attr =	]
dnsrelay.dll -> %SystemRoot%\dnsrelay.dll ->  [Ver =  | Size = 31488 bytes | Modified Date = 5/17/2008 5:01:54 PM | Attr =	]
explorer32.exe -> %SystemRoot%\explorer32.exe ->  [Ver =  | Size = 16128 bytes | Modified Date = 5/17/2008 5:01:54 PM | Attr =	]
funniest.exe -> %SystemRoot%\funniest.exe ->  [Ver =  | Size = 26624 bytes | Modified Date = 5/17/2008 5:01:54 PM | Attr =	]
funny.exe -> %SystemRoot%\funny.exe ->  [Ver =  | Size = 14592 bytes | Modified Date = 5/17/2008 5:01:55 PM | Attr =	]
gfmnaaa.dll -> %SystemRoot%\gfmnaaa.dll ->  [Ver =  | Size = 25088 bytes | Modified Date = 5/17/2008 5:01:55 PM | Attr =	]
helpcvs.exe -> %SystemRoot%\helpcvs.exe ->  [Ver =  | Size = 21248 bytes | Modified Date = 5/17/2008 5:01:55 PM | Attr =	]
hosts -> %SystemRoot%\hosts ->  [Ver =  | Size = 16636 bytes | Modified Date = 5/19/2008 9:07:05 PM | Attr =	]
inetinf.exe -> %SystemRoot%\inetinf.exe ->  [Ver =  | Size = 20992 bytes | Modified Date = 5/17/2008 5:01:56 PM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 5/18/2008 9:49:00 AM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 5/19/2008 9:02:18 PM | Attr =  HS]
msconfd.dll -> %SystemRoot%\msconfd.dll ->  [Ver =  | Size = 14848 bytes | Modified Date = 5/17/2008 5:01:56 PM | Attr =	]
msspi.dll -> %SystemRoot%\msspi.dll ->  [Ver =  | Size = 8960 bytes | Modified Date = 5/17/2008 5:01:56 PM | Attr =	]
mswsc10.dll -> %SystemRoot%\mswsc10.dll ->  [Ver =  | Size = 11264 bytes | Modified Date = 5/17/2008 5:01:57 PM | Attr =	]
mswsc20.dll -> %SystemRoot%\mswsc20.dll ->  [Ver =  | Size = 28160 bytes | Modified Date = 5/17/2008 5:01:57 PM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 5/28/2008 9:27:09 AM | Attr =	]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 5/8/2008 3:44:59 PM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 5/19/2008 9:23:42 AM | Attr =  H ]
Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 5/27/2008 8:11:28 PM | Attr =	]
rundll32.vbe -> %SystemRoot%\rundll32.vbe ->  [Ver =  | Size = 17664 bytes | Modified Date = 5/17/2008 5:01:58 PM | Attr =	]
searchword.dll -> %SystemRoot%\searchword.dll ->  [Ver =  | Size = 26112 bytes | Modified Date = 5/17/2008 5:01:58 PM | Attr =	]
sistem.exe -> %SystemRoot%\sistem.exe ->  [Ver =  | Size = 24576 bytes | Modified Date = 5/17/2008 5:01:58 PM | Attr =	]
system -> %SystemRoot%\system ->  [Folder | Modified Date = 5/19/2008 10:16:56 AM | Attr =	]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 5/19/2008 10:01:11 PM | Attr =	]
temp -> %SystemRoot%\temp ->  [Folder | Modified Date = 5/28/2008 9:28:50 AM | Attr =	]
time.exe -> %SystemRoot%\time.exe ->  [Ver =  | Size = 9472 bytes | Modified Date = 5/17/2008 5:01:59 PM | Attr =	]
WININIT.INI -> %SystemRoot%\WININIT.INI ->  [Ver =  | Size = 292 bytes | Modified Date = 5/19/2008 9:38:04 AM | Attr =	]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 5/19/2008 9:02:17 PM | Attr =	]
xplugin.dll -> %SystemRoot%\xplugin.dll ->  [Ver =  | Size = 9216 bytes | Modified Date = 5/17/2008 5:02:01 PM | Attr =	]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 5/5/2008 11:44:00 AM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 5/27/2008 8:10:51 PM | Attr =  H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 9/19/2006 6:29:01 PM | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 5522 bytes | Modified Date = 5/27/2008 8:12:54 PM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 5522 bytes | Modified Date = 5/27/2008 8:12:54 PM | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works ->  [Folder | Modified Date = 5/14/2008 8:11:14 PM | Attr =	]
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 1/2/2007 2:21:03 PM | Attr =	]
wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat ->  [Ver =  | Size = 166221 bytes | Modified Date = 1/2/2007 5:04:42 PM | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
avg8 -> %AllUsersProfile%\Application Data\avg8 ->  [Folder | Modified Date = 5/19/2008 9:03:36 PM | Attr =	]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Modified Date = 5/19/2008 2:26:53 PM | Attr =	]
Sunbelt Software -> %AllUsersProfile%\Application Data\Sunbelt Software ->  [Folder | Modified Date = 5/19/2008 2:24:33 PM | Attr =	]
AVGTOOLBAR -> %AppData%\AVGTOOLBAR ->  [Folder | Modified Date = 5/27/2008 8:15:18 PM | Attr =	]
Microsoft -> %AppData%\Microsoft ->  [Folder | Modified Date = 5/19/2008 8:58:49 PM | Attr =   S]
Sunbelt Software -> %AppData%\Sunbelt Software ->  [Folder | Modified Date = 5/19/2008 2:24:39 PM | Attr =	]
wklnhst.dat -> %AppData%\wklnhst.dat ->  [Ver =  | Size = 17272 bytes | Modified Date = 5/14/2008 9:00:29 PM | Attr =	]
ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory ->  [Folder | Modified Date = 5/27/2008 8:11:20 PM | Attr =	]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 6417834 bytes | Modified Date = 5/26/2008 7:49:25 PM | Attr =  H ]
Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft ->  [Folder | Modified Date = 5/19/2008 8:58:49 PM | Attr =	]
1English.wps -> %UserProfile%\My Documents\1English.wps ->  [Ver =  | Size = 17408 bytes | Modified Date = 5/14/2008 4:41:12 PM | Attr =	]
1Untitled Document.wps -> %UserProfile%\My Documents\1Untitled Document.wps ->  [Ver =  | Size = 9728 bytes | Modified Date = 5/14/2008 9:00:29 PM | Attr =	]
Default.rdp -> %UserProfile%\My Documents\Default.rdp ->  [Ver =  | Size = 1204 bytes | Modified Date = 5/25/2008 9:01:56 AM | Attr =  H ]
English -> %UserProfile%\My Documents\English ->  [Folder | Modified Date = 5/14/2008 3:59:54 PM | Attr =	]
My Pictures -> %UserProfile%\My Documents\My Pictures ->  [Folder | Modified Date = 5/16/2008 11:17:22 PM | Attr = R  ]
AVG Free 8.0.lnk -> %AllUsersProfile%\Desktop\AVG Free 8.0.lnk ->  [Ver =  | Size = 1507 bytes | Modified Date = 5/19/2008 9:03:54 PM | Attr =	]
CounterSpy.lnk -> %AllUsersProfile%\Desktop\CounterSpy.lnk ->  [Ver =  | Size = 1821 bytes | Modified Date = 5/19/2008 2:24:25 PM | Attr =	]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 5/28/2008 9:23:59 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF-Cleaner.exe:Zone.Identifier
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Modified Date = 5/19/2008 2:05:03 PM | Attr =	]
Laura's photos -> %UserProfile%\Desktop\Laura's photos ->  [Folder | Modified Date = 5/14/2008 3:57:30 PM | Attr =	]
OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Modified Date = 5/28/2008 9:26:29 AM | Attr =	]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 544843 bytes | Modified Date = 5/28/2008 9:25:48 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier
Adobe -> %CommonProgramFiles%\Adobe ->  [Folder | Modified Date = 5/14/2008 8:50:51 PM | Attr =	]
Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared ->  [Folder | Modified Date = 5/19/2008 9:02:17 PM | Attr =	]

< End of report >


#2 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:08:42 AM

Posted 29 May 2008 - 07:46 AM

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

#3 sullyzmail

  • Topic Starter
  • Members
  • 4 posts
  • Local time:03:42 AM

Posted 02 June 2008 - 08:43 AM

Thanks for the help - here is the ComboFix log and the new HijackThis log.

lydell


ComboFix 08-06-01.6 - Stephanie 2008-06-02 9:28:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.564 [GMT -4:00]
Running from: C:\Documents and Settings\Stephanie\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\RcvSystem
C:\Temp\tmpvc14
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\hosts
C:\WINDOWS\system32\clbinit.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\pac.txt
D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://80.93.48.74
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CLBDRIVER
-------\Service_clbdriver


((((((((((((((((((((((((( Files Created from 2008-05-02 to 2008-06-02 )))))))))))))))))))))))))))))))
.

2008-05-28 09:40 . 2008-05-28 09:40 <DIR> d-------- C:\Deckard
2008-05-20 08:29 . 2008-05-20 08:29 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sunbelt Software
2008-05-19 21:08 . 2008-05-28 09:04 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-19 21:03 . 2008-06-02 09:08 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-19 21:03 . 2008-05-19 21:03 <DIR> d-------- C:\Program Files\AVG
2008-05-19 21:03 . 2008-05-27 20:15 <DIR> d-------- C:\Documents and Settings\Stephanie\Application Data\AVGTOOLBAR
2008-05-19 21:03 . 2008-05-19 21:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-19 21:03 . 2008-05-19 21:03 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-19 21:03 . 2008-05-19 21:03 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-19 21:03 . 2008-05-19 21:03 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-19 19:37 . 2008-05-19 19:37 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-05-19 19:37 . 2008-05-19 19:37 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-05-19 14:33 . 2008-05-19 14:33 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2008-05-19 14:24 . 2008-05-19 14:24 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-05-19 14:24 . 2008-05-19 14:24 <DIR> d-------- C:\Documents and Settings\Stephanie\Application Data\Sunbelt Software
2008-05-19 14:24 . 2008-05-19 14:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2008-05-19 14:05 . 2008-05-19 14:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-19 09:36 . 2008-05-19 09:36 20,992 --a------ C:\WINDOWS\system\run.exe
2008-05-19 09:00 . 2008-05-19 14:26 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-19 09:00 . 2008-05-19 14:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-18 22:07 . 2008-05-18 22:07 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-05-18 22:05 . 2008-05-19 09:36 7,680 --a------ C:\WINDOWS\system\delnew.exe
2008-05-17 17:02 . 2008-05-17 17:02 9,216 --a------ C:\WINDOWS\xplugin.dll
2008-05-17 16:38 . 2008-05-19 09:04 160,256 --a------ C:\WINDOWS\system32\blackster.scr
2008-05-17 16:37 . 2008-05-18 09:11 <DIR> d-------- C:\WINDOWS\system32\dFrnx06
2008-05-17 16:37 . 2008-06-02 09:28 <DIR> d-------- C:\Temp
2008-05-17 16:37 . 2006-03-16 00:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-05-17 16:37 . 2008-05-17 16:37 4 --a------ C:\WINDOWS\system32\hljwugsf.bin
2008-05-08 15:44 . 2008-05-19 09:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-08 15:44 . 2008-05-08 15:44 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-28 14:56 17,630 ----a-w C:\Documents and Settings\Stephanie\Application Data\wklnhst.dat
2008-05-25 12:14 --------- d-----w C:\Program Files\KETS Enterprise VPN
2008-05-20 01:23 --------- d-----w C:\Program Files\DIGStream
2008-05-15 00:50 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-14 12:31 20,747 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-04-14 12:00 --------- d-----w C:\Program Files\BUFFALO
2008-04-07 16:43 --------- d-----w C:\Documents and Settings\Stephanie\Application Data\Leadertech
2008-04-03 12:08 --------- d-----w C:\Program Files\Java
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-05-19 21:03 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-05-19 21:03 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-05-19 21:03 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-16 00:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 07:47 68856]
"QdrModule16"="C:\Program Files\QdrModule\QdrModule16.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 00:56 64512]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 01:58 458752]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-18 04:00 7585792]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-18 04:00 86016]
"nwiz"="nwiz.exe" [2006-08-18 04:00 1617920 C:\WINDOWS\system32\nwiz.exe]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-01 20:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 01:01 761946]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-12 00:55 102400]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 19:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 19:30 81920]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 14:33 163840]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 13:23 1187840]
"Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [2006-02-09 12:52 643072]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36 256576]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-12-21 15:30 698864]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-19 21:03 1177368]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Vongo Tray.lnk - C:\Program Files\Vongo\Tray.exe [2006-05-09 16:09:32 73728]

C:\Documents and Settings\Stephanie\Start Menu\Programs\Startup\
Vongo Tray.lnk - C:\Program Files\Vongo\Tray.exe [2006-05-09 16:09:32 73728]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ClientManager3.lnk - C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe [2008-04-14 08:31:08 466944]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 12:39:30 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\KETS Enterprise VPN\\Extranet.exe"=
"C:\\Program Files\\BUFFALO\\Client Manager3\\AOSS\\aoss.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys [2008-05-19 14:33]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-19 21:03]
R1 BUFADPT;BUFADPT;C:\WINDOWS\system32\BUFADPT.SYS [2005-07-06 00:52]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-19 21:03]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-19 21:03]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-19 21:03]
R3 Eacfilt;Eacfilt Miniport;C:\WINDOWS\system32\DRIVERS\eacfilt.sys [2004-04-16 15:35]
R3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2004-04-16 15:34]
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-05 19:49]
S2 IPSECEXT;Nortel Extranet Access Protocol;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2004-04-16 15:34]
S2 Windows Action Script;Windows Action Script;"C:\WINDOWS\system32\scvhost.exe" []
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;C:\WINDOWS\system32\Drivers\5U870CAP.sys [2006-06-06 16:39]
S3 SBAPIFS;SBAPIFS;C:\WINDOWS\system32\drivers\sbapifs.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-05-05 15:44:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-02 09:32:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\BUFFALO\Client Manager3\bwsvc\Bwsvc.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\Vongo\VongoService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
.
**************************************************************************
.
Completion time: 2008-06-02 9:35:50 - machine was rebooted [Stephanie]
ComboFix-quarantined-files.txt 2008-06-02 13:35:47

Pre-Run: 45,018,472,448 bytes free
Post-Run: 44,968,755,200 bytes free

191 --- E O F --- 2008-05-16 12:13:47

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:36:32 AM, on 6/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vongo\VongoService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
C:\Program Files\Vongo\Tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [QdrModule16] "C:\Program Files\QdrModule\QdrModule16.exe"
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe
O4 - Global Startup: ClientManager3.lnk = C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bwsvc - BUFFALO INC. - C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
O23 - Service: Windows Action Script - Unknown owner - C:\WINDOWS\system32\scvhost.exe (file missing)

--
End of file - 9389 bytes

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:08:42 AM

Posted 02 June 2008 - 08:58 AM

Hi,

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!


The first step required before you run it is to install the Recovery Console.
Read here how to do this with Combofix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

The reason why Recovery Console is recommended is because malware damages a lot and causes an unstable system - and because of that, it may happen that your computer won't be able to boot anymore. With the Recovery Console installed, there are extra options present to repair whatever malware damaged. Also, even though you're not infected, the presence of the Recovery Console is a useful feature in case a computer won't boot anymore because of several other reasons. Read here what you can do with the Recovery Console.

Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
Don't select to run the Recovery Console as we don't need it.
By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

Then:
* Open notepad - don't use any other text editor than notepad or the script will fail.
* Copy/paste the text in the quotebox below into notepad:

File::
C:\WINDOWS\system32\blackster.scr
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system\delnew.exe
C:\WINDOWS\system\run.exe
Folder::
C:\WINDOWS\system32\dFrnx06
Driver::
Windows Action Script
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QdrModule16"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000


Save this as a text file called CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[Screenshot: dragging the CFScript file onto ComboFix.exe]

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Also, go to the next site:
http://www.virustotal.com/en/indexf.html
On top you'll find 'Browse'.
Click the browse button and browse to the next file:

C:\WINDOWS\xplugin.dll

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results in your next reply as well.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
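The before and after HijackThis logs in this thread are the usual way to confirm that a CFScript actually removed what it targeted. As an added example (not a tool from this thread, from ComboFix or from HijackThis), here is a small Python checker that diffs two HijackThis logs, lists items whose on-disk target is marked missing, and flags executable names that are near misses for core Windows binaries; the log excerpts, the `SYSTEM_BINARIES` list and the edit-distance threshold are constructed for the example.

```python
import re
from typing import Dict, List, Tuple

# Constructed excerpts in HijackThis v2.0.2 format, modelled on the two logs in this
# thread (before and after the CFScript run); only a handful of lines are kept.
HJT_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QdrModule16] "C:\Program Files\QdrModule\QdrModule16.exe"
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Windows Action Script - Unknown owner - C:\WINDOWS\system32\scvhost.exe (file missing)
--
End of file - 9389 bytes
"""

HJT_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
--
End of file - 9278 bytes
"""

# HijackThis item lines look like "O23 - Service: ..." / "R0 - HKCU\..."; everything
# else (header, process list, footer) is skipped.
ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d{1,2}) - (?P<body>.+)$")
EXE_RE = re.compile(r"([\w~.\-]+\.exe)", re.IGNORECASE)
MISSING_MARKERS = ("(file missing)", "(no file)")
# Heuristic list (constructed): core Windows binaries whose names malware often imitates.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                   "services.exe", "explorer.exe", "smss.exe", "spoolsv.exe"}


def parse_hjt(log: str) -> List[Tuple[str, str]]:
    """Return (kind, body) for every HijackThis item line in the log."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return entries


def diff_logs(before: str, after: str) -> Tuple[List[str], List[str]]:
    """Items only in the earlier log (removed) and items only in the later one (added)."""
    b = {f"{k} - {v}" for k, v in parse_hjt(before)}
    a = {f"{k} - {v}" for k, v in parse_hjt(after)}
    return sorted(b - a), sorted(a - b)


def missing_targets(log: str) -> List[str]:
    """Autostart, BHO or service items whose on-disk target HijackThis could not find."""
    return [f"{k} - {v}" for k, v in parse_hjt(log)
            if any(marker in v for marker in MISSING_MARKERS)]


def _edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance (insert/delete/substitute), used for name comparison."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_binaries(log: str, max_distance: int = 2) -> List[Tuple[str, str]]:
    """(item, system binary) pairs where an item's executable name is a near miss for a
    core Windows binary, e.g. scvhost.exe versus svchost.exe."""
    hits = []
    for k, v in parse_hjt(log):
        for exe in sorted({name.lower() for name in EXE_RE.findall(v)}):
            if exe in SYSTEM_BINARIES:
                continue
            for ref in sorted(SYSTEM_BINARIES):
                if _edit_distance(exe, ref) <= max_distance:
                    hits.append((f"{k} - {v}", ref))
    return hits


def verify_cleanup(before: str, after: str) -> Dict[str, list]:
    """Summarise what changed between two logs and what still deserves attention."""
    removed, added = diff_logs(before, after)
    return {
        "removed": removed,
        "added": added,
        "still_missing_targets": missing_targets(after),
        "lookalikes_before": lookalike_binaries(before),
        "lookalikes_after": lookalike_binaries(after),
    }


if __name__ == "__main__":
    for key, value in verify_cleanup(HJT_BEFORE, HJT_AFTER).items():
        print(key)
        for item in value:
            print("   ", item)
```

Items that disappear between the logs should match the File::, Driver:: and Registry:: sections of the CFScript; anything in "added" or in "lookalikes_after" is a reason to keep looking.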

#5 sullyzmail

sullyzmail
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:03:42 AM

Posted 02 June 2008 - 12:57 PM

Oops! - I went through the installation of the recovery console, but I missed something. It is installed now. I don't want to waste any of your time! I've completed the steps, and here is the info:

ComboFix 08-06-01.6 - Stephanie 2008-06-02 13:33:10.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.612 [GMT -4:00]
Running from: C:\Documents and Settings\Stephanie\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Stephanie\Desktop\cfscript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system\delnew.exe
C:\WINDOWS\system\run.exe
C:\WINDOWS\system32\blackster.scr
C:\WINDOWS\system32\hljwugsf.bin
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system\delnew.exe
C:\WINDOWS\system\run.exe
C:\WINDOWS\system32\blackster.scr
C:\WINDOWS\system32\dFrnx06
C:\WINDOWS\system32\hljwugsf.bin

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINDOWS_ACTION_SCRIPT
-------\Service_Windows Action Script


((((((((((((((((((((((((( Files Created from 2008-05-02 to 2008-06-02 )))))))))))))))))))))))))))))))
.

2008-05-28 09:40 . 2008-05-28 09:40 <DIR> d-------- C:\Deckard
2008-05-20 08:29 . 2008-05-20 08:29 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sunbelt Software
2008-05-19 21:08 . 2008-05-28 09:04 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-19 21:03 . 2008-06-02 09:08 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-19 21:03 . 2008-05-19 21:03 <DIR> d-------- C:\Program Files\AVG
2008-05-19 21:03 . 2008-05-27 20:15 <DIR> d-------- C:\Documents and Settings\Stephanie\Application Data\AVGTOOLBAR
2008-05-19 21:03 . 2008-05-19 21:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-19 21:03 . 2008-05-19 21:03 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-19 21:03 . 2008-05-19 21:03 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-19 21:03 . 2008-05-19 21:03 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-19 19:37 . 2008-05-19 19:37 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-05-19 19:37 . 2008-05-19 19:37 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-05-19 14:33 . 2008-05-19 14:33 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2008-05-19 14:24 . 2008-05-19 14:24 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-05-19 14:24 . 2008-05-19 14:24 <DIR> d-------- C:\Documents and Settings\Stephanie\Application Data\Sunbelt Software
2008-05-19 14:24 . 2008-05-19 14:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2008-05-19 14:05 . 2008-05-19 14:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-19 09:00 . 2008-05-19 14:26 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-19 09:00 . 2008-05-19 14:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-18 22:07 . 2008-05-18 22:07 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-05-17 17:02 . 2008-05-17 17:02 9,216 --a------ C:\WINDOWS\xplugin.dll
2008-05-17 16:37 . 2008-06-02 09:28 <DIR> d-------- C:\Temp
2008-05-17 16:37 . 2006-03-16 00:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-05-08 15:44 . 2008-05-19 09:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-08 15:44 . 2008-05-08 15:44 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-28 14:56 17,630 ----a-w C:\Documents and Settings\Stephanie\Application Data\wklnhst.dat
2008-05-25 12:14 --------- d-----w C:\Program Files\KETS Enterprise VPN
2008-05-20 01:23 --------- d-----w C:\Program Files\DIGStream
2008-05-15 00:50 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-14 12:31 20,747 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-04-14 12:00 --------- d-----w C:\Program Files\BUFFALO
2008-04-07 16:43 --------- d-----w C:\Documents and Settings\Stephanie\Application Data\Leadertech
2008-04-03 12:08 --------- d-----w C:\Program Files\Java
.

((((((((((((((((((((((((((((( snapshot@2008-06-02_ 9.35.36.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-02 13:31:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-02 17:36:34 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-05-19 21:03 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-05-19 21:03 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-05-19 21:03 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-16 00:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 07:47 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 00:56 64512]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 01:58 458752]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-18 04:00 7585792]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-18 04:00 86016]
"nwiz"="nwiz.exe" [2006-08-18 04:00 1617920 C:\WINDOWS\system32\nwiz.exe]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-01 20:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 01:01 761946]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-12 00:55 102400]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 19:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 19:30 81920]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 14:33 163840]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 13:23 1187840]
"Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [2006-02-09 12:52 643072]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36 256576]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-12-21 15:30 698864]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-19 21:03 1177368]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Vongo Tray.lnk - C:\Program Files\Vongo\Tray.exe [2006-05-09 16:09:32 73728]

C:\Documents and Settings\Stephanie\Start Menu\Programs\Startup\
Vongo Tray.lnk - C:\Program Files\Vongo\Tray.exe [2006-05-09 16:09:32 73728]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ClientManager3.lnk - C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe [2008-04-14 08:31:08 466944]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 12:39:30 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\KETS Enterprise VPN\\Extranet.exe"=
"C:\\Program Files\\BUFFALO\\Client Manager3\\AOSS\\aoss.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys [2008-05-19 14:33]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-19 21:03]
R1 BUFADPT;BUFADPT;C:\WINDOWS\system32\BUFADPT.SYS [2005-07-06 00:52]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-19 21:03]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-19 21:03]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-19 21:03]
R3 Eacfilt;Eacfilt Miniport;C:\WINDOWS\system32\DRIVERS\eacfilt.sys [2004-04-16 15:35]
R3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2004-04-16 15:34]
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-05 19:49]
S2 IPSECEXT;Nortel Extranet Access Protocol;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2004-04-16 15:34]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;C:\WINDOWS\system32\Drivers\5U870CAP.sys [2006-06-06 16:39]
S3 SBAPIFS;SBAPIFS;C:\WINDOWS\system32\drivers\sbapifs.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-05-05 15:44:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-02 13:36:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\BUFFALO\Client Manager3\bwsvc\Bwsvc.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\Vongo\VongoService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-06-02 13:40:37 - machine was rebooted [Stephanie]
ComboFix-quarantined-files.txt 2008-06-02 17:40:33
ComboFix2.txt 2008-06-02 13:35:50

Pre-Run: 44,927,066,112 bytes free
Post-Run: 44,911,968,256 bytes free

188 --- E O F --- 2008-05-16 12:13:47




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:44:28 PM, on 6/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vongo\VongoService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Vongo\Tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe
O4 - Global Startup: ClientManager3.lnk = C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bwsvc - BUFFALO INC. - C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe

--
End of file - 9278 bytes


File xplugin.dll received on 06.02.2008 19:47:59 (CET)

Antivirus | Version | Last Update | Result
AhnLab-V3 2008.5.30.1 2008.06.02 -
AntiVir 7.8.0.26 2008.06.02 -
Authentium 5.1.0.4 2008.06.01 -
Avast 4.8.1195.0 2008.06.02 -
AVG 7.5.0.516 2008.06.02 -
BitDefender 7.2 2008.06.02 -
CAT-QuickHeal 9.50 2008.06.02 -
ClamAV 0.92.1 2008.06.02 -
DrWeb 4.44.0.09170 2008.06.02 -
eSafe 7.0.15.0 2008.06.02 -
eTrust-Vet 31.4.5842 2008.06.02 -
Ewido 4.0 2008.06.02 -
F-Prot 4.4.4.56 2008.06.01 -
F-Secure 6.70.13260.0 2008.06.02 -
Fortinet 3.14.0.0 2008.06.02 -
GData 2.0.7306.1023 2008.06.02 -
Ikarus T3.1.1.26.0 2008.06.02 -
Kaspersky 7.0.0.125 2008.06.02 -
McAfee 5308 2008.06.02 -
Microsoft 1.3520 2008.06.02 -
NOD32v2 3152 2008.06.02 -
Norman 5.80.02 2008.06.02 -
Panda 9.0.0.4 2008.06.02 -
Prevx1 V2 2008.06.02 -
Rising 20.47.02.00 2008.06.02 -
Sophos 4.29.0 2008.06.02 -
Sunbelt 3.0.1139.1 2008.05.29 -
Symantec 10 2008.06.02 -
TheHacker 6.2.92.331 2008.06.02 -
VBA32 3.12.6.6 2008.06.01 -
VirusBuster 4.3.26:9 2008.06.02 -
Webwasher-Gateway 6.6.2 2008.06.02 -

Additional information
File size: 9216 bytes
MD5...: 261951c759af40f08b684382ffc1befc
SHA1..: 143a66a2a1919b3d0339fd2807b3156260606bea
SHA256: 334c508774cb464af98ca38562fd4105f2d96ed0b7047ab966ef364e1c9e0be4
SHA512: d805c8059d43d7d5326febfa1d4b8cc709631348ccb412a4378980be82dfcaf94881306b5c0cdd91ea2268c9249f60309076670786cc2d810d6728c054937a37
PEiD..: -
PEInfo: -

#6 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 02 June 2008 - 01:03 PM

Hi,

Almost done :thumbsup:

Start HijackThis, click scan and check the following entries:

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)


Click the fix checked button below.

Then, go to Start > Run and copy and paste the next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Let me know in your next reply how things are now.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
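The two entries the helper asks to fix above differ from every other line in the HijackThis log in one detail: HijackThis prints "(no file)" where the registry still references a BHO or toolbar whose DLL is no longer on disk. As an added example (my own code, not part of this thread, of HijackThis or of BleepingComputer), the following Python script parses HijackThis-style log lines and separates such orphaned load points from live ones. The sample lines are copied from the log in this thread; the field-extraction rules, the `Entry` class and the function names are my own assumptions about the log's layout, not a HijackThis API.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample lines copied from the HijackThis log in this thread (a constructed
# subset, not a complete log). The first two are the orphaned entries the
# helper asked to fix; the rest are live entries that point at real files.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ClientManager3.lnk = C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

SECTION_RE = re.compile(r"^(O\d+) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Assumed field layout per section: O2/O3/O9/O18/O23 end with " - <file>",
# O4 uses "[name] <file>" or "name.lnk = <file>", O20 is "AppInit_DLLs: <dll>".
TRAILING_FILE_SECTIONS = {"O2", "O3", "O9", "O18", "O23"}


@dataclass
class Entry:
    section: str           # e.g. "O2"
    body: str              # everything after "O2 - "
    clsid: Optional[str]   # {GUID} if the entry names one
    path: Optional[str]    # file the entry loads, or None if not recognised

    def is_orphaned(self) -> bool:
        # HijackThis prints "(no file)" when the registry still references a
        # component whose file is gone: the entry loads nothing now, but a
        # stale load point is clutter worth removing.
        return self.path is not None and self.path.lower() == "(no file)"


def extract_path(section: str, body: str) -> Optional[str]:
    """Pull the referenced file out of one entry body (assumed layout above)."""
    if section == "O4":
        m = re.search(r"\]\s*(.+)$", body) or re.search(r"=\s*(.+)$", body)
        return m.group(1).strip() if m else None
    if section == "O20":
        return body.split(":", 1)[1].strip() if ":" in body else None
    if section in TRAILING_FILE_SECTIONS and " - " in body:
        return body.rsplit(" - ", 1)[1].strip()
    return None


def parse_log(text: str) -> List[Entry]:
    """Parse every 'Oxx - ...' line; other lines (headers, blanks) are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        c = CLSID_RE.search(body)
        entries.append(Entry(section, body, c.group(0) if c else None,
                             extract_path(section, body)))
    return entries


def orphaned_entries(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.is_orphaned()]


def section_counts(entries: List[Entry]) -> Dict[str, int]:
    return dict(Counter(e.section for e in entries))


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print("entries per section:", section_counts(parsed))
    for e in orphaned_entries(parsed):
        print(f"orphaned {e.section} entry {e.clsid}: {e.body}")
    for e in parsed:
        if not e.is_orphaned() and e.path:
            print(f"live {e.section} -> {e.path}")
```

Run against a full log, the script lists the "(no file)" entries separately from the live autostart paths, which is the split a helper makes by eye when reading a posted log; an entry with a path is still only a candidate for review, since the live entries in this thread (AVG, HP, Buffalo, Google) are all legitimate.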

#7 sullyzmail

  • Topic Starter
  • Members
  • 4 posts

Posted 02 June 2008 - 06:17 PM

:thumbsup: GONE!!!!!!!! I finished the last set of instructions and I seem to be Trojan-free. I reset my AVG 8 settings and ran a complete scan; it showed only adware and tracking cookies. I greatly appreciate the help. Was it obvious where it was hiding? (in layman's terms).

Again, Great Work!

Thanks
lydell

#8 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 03 June 2008 - 12:07 AM

Glad I could help. :thumbsup:

Please read my Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

#9 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 09 June 2008 - 07:28 AM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.